Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting
From: sirdarckcat@xxxxxxxxx
Date: 26 Jan 2007 04:53:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Any way, this vulnerability is not dangerous.. because for sending a successful 
PM request, you need to match the "sid" variable, that is impossible to get 
unless you already have control of the session.

The correct patch must be added in the theme file 
"PersonalMessage.template.php" at the begining of the code:
$context["to"]=htmlentities($context["to"]);
$context["bcc"]=htmlentities($context["bcc"]);

Greetz!!

Prev by Date: Movable Type <= 3.33 XSS Exploit
Next by Date: [ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities
Previous by thread: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting
Next by thread: Re: SMF "index.php?action=pm" Cross Site-Scripting
Index(es):
- Date
- Thread